Malware Analytics for Social Networking

Trends and Applications of Serious Gaming and Social Media

Part of the book series: Gaming Media and Social Effects (GMSE)

Abstract

In this chapter, Subramanian and Loh present and evaluate a novel behavioural malware analysis technique that could be used in the above scenarios for runtime input validation. They focus on adaptive, behavioural analytics that evaluate and classify malware that could infect social network enterprise platforms during runtime. A customised design framework is also presented, and its performance is evaluated on actual malware samples found in real-world scenarios. Subramanian and Loh show that the use of adaptive analytics helps improve malware detection on social networks over time.

Notes

  1. MD5:7ec6ef7a65f6d62338639b8fd12a7b46, SHA-1:5d4e251d0464bef10e699e4e938f2501876409c

  2. MD5:9a7f74a8804eca909dc74bf7c180f9d, SHA-1:4224f8f3487aa70858e959f1c14cdd84a948673a

Author information

Correspondence to Deepak Subramanian.

Copyright information

© 2014 Springer Science+Business Media Singapore

About this chapter

Cite this chapter

Subramanian, D., Loh, P.K.K. (2014). Malware Analytics for Social Networking. In: Baek, Y., Ko, R., Marsh, T. (eds) Trends and Applications of Serious Gaming and Social Media. Gaming Media and Social Effects. Springer, Singapore. https://doi.org/10.1007/978-981-4560-26-9_5

  • DOI: https://doi.org/10.1007/978-981-4560-26-9_5

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-4560-25-2

  • Online ISBN: 978-981-4560-26-9

  • eBook Packages: Engineering, Engineering (R0)
